<?
require "include/bittorrent.php";
dbconn();

$id = (int)$_GET["id"];
$md5 = $_GET["secret"];

if (!$id)
	error("Invalid ID.");

$res = query("SELECT passhash, editsecret, status FROM users WHERE id = $id");
$row = mysql_fetch_array($res);

if (!$row)
	error("Invalid ID.");

if ($row["status"] != "pending") 
{
	header("Refresh: 0; url=../../ok.php?type=confirmed");
	exit();
}

$sec = hash_pad($row["editsecret"]);
if ($md5 != md5($sec))
	error("Incorrect secret.");

query("UPDATE users SET status='confirmed', editsecret='' WHERE id=$id AND status='pending'");

if (!mysql_affected_rows())
	error("Confirmation failed.");

logincookie($id, $row["passhash"]);

header("Refresh: 0; url=../../ok.php?type=confirm");
?>